SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader
2021-01-19 14:09

The ongoing analysis of the SolarWinds supply-chain attack has uncovered a fourth malicious tool, which researchers call Raindrop, that was used to spread across computers on the victim network. The hackers used Raindrop to deliver a Cobalt Strike beacon to select victims of interest that had already been compromised through the trojanized SolarWinds Orion update.

SaaS Application Backup Firm Rewind Raises $15 Million
2021-01-19 13:54

Backup-as-a-service provider Rewind on Tuesday announced it has raised $15 million in Series A funding. Founded in 2015, the Ottawa, Canada-based company helps customers secure business-critical software-as-a-service application and cloud data, and claims more than 80,000 organizations in over 100 countries rely on its solutions.

Google Chrome 88 released: RIP Flash Player and FTP support
2021-01-19 13:45

Google has released Chrome 88 today, January 19th, 2021, to the Stable desktop channel, and it includes security improvements and the long-awaited removal of Adobe Flash Player. Chrome 88 is now promoted to the Stable channel, Chrome 89 is the new Beta version, and Chrome 90 will be the Canary version.

Interpol: Trading scammers lure love-struck victims via dating apps
2021-01-19 13:10

Interpol warns of fraudsters targeting dating app users and attempting to trick them into investing through fake trading apps. "In the initial stages, an artificial romance is established via a dating app. Once communication becomes regular and a certain level of trust is established, criminals share investment tips with their victims and encourage them to join a scheme."

SolarWinds Hackers Used 'Raindrop' Malware for Lateral Movement
2021-01-19 13:09

The threat group behind the supply chain attack that targeted Texas-based IT management company SolarWinds leveraged a piece of malware named Raindrop for lateral movement and for deploying additional payloads, Broadcom-owned cybersecurity firm Symantec reported on Tuesday. The trojanized Orion updates delivered a piece of malware named Sunburst, which the attackers inserted into the Orion product using another piece of malware, named Sunspot.

Swimlane Raises $40 Million to Expand SOAR Business
2021-01-19 12:33

Swimlane, a provider of security orchestration, automation and response solutions, announced today that it has raised $40 million in growth funding. Denver, Colorado-based Swimlane is a player in the hot market of security orchestration, automation and response solutions, and helps security operations teams struggling with alert fatigue and staffing shortages.

Dnsmasq vulnerabilities open networking devices, Linux distros to DNS cache poisoning
2021-01-19 12:32

Seven vulnerabilities affecting Dnsmasq, a caching DNS and DHCP server used in a variety of networking devices and Linux distributions, could be leveraged to mount DNS cache poisoning attacks and/or to compromise vulnerable devices. "Some of the bigger users of Dnsmasq are Android/Google, Comcast, Cisco, Red Hat, Netgear, and Ubiquiti, but there are many more. All major Linux distributions offer Dnsmasq as a package, but some use it more than others, e.g., in OpenWRT it is used a lot, Red Hat use it as part of their virtualization platforms, Google uses it for Android hotspots, while, for example, Ubuntu just has it as an optional package," Shlomi Oberman, CEO and researcher at JSOF, told Help Net Security.

Injecting a Backdoor into SolarWinds Orion
2021-01-19 12:16

SUNSPOT is StellarParticle's malware used to insert the SUNBURST backdoor into software builds of the SolarWinds Orion IT management product. SUNSPOT monitors running processes for those involved in compilation of the Orion product and replaces one of the source files to include the SUNBURST backdoor code.

OpenWrt Informs Users of Forum Breach
2021-01-19 12:07

The OpenWrt Project, the developer of the open source Linux operating system for embedded devices, informed users on Monday that someone had breached its forum over the weekend. In a security notice posted on the OpenWrt forum, users were told that the hacker gained access to the account of an administrator on January 16.

DNSpooq bugs let attackers hijack DNS on millions of devices
2021-01-19 11:27

Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning, remote code execution, and denial-of-service attacks against millions of affected devices. Three of the DNSpooq vulnerabilities allow for DNS cache poisoning attacks.